Utiliser ACME.sh avec vCenter

Installer acme.sh sur votre vcenter.

Connectez-vous en ssh à votre vcenter

cd ~
wget 'https://git.9r.com.au/projects/OPENSRC/repos/acme.sh/raw/acme.sh?at=refs%2Fheads%2Fmaster' -O acme.sh
chmod 755 ./acme.sh
./acme.sh --install
acme.sh --issue -d example.com --dns \
   --yes-I-know-dns-manual-mode-enough-go-ahead-please

Ajoutez le champs TXT généré par acme, rechargez votre dns.

acme.sh --renew -d example.com \
   --yes-I-know-dns-manual-mode-enough-go-ahead-please

Voila nos clés acme sont prêtes. Nous allons les importer dans notre système à l’aide des outils vmware.


root@vmware [ ~/.acme.sh ]# /usr/lib/vmware-vmca/bin/certificate-manager
                 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
                |                                                                     |
                |      *** Welcome to the vSphere 6.7 Certificate Manager  ***        |
                |                                                                     |
                |                   -- Select Operation --                            |
                |                                                                     |
                |      1. Replace Machine SSL certificate with Custom Certificate     |
                |                                                                     |
                |      2. Replace VMCA Root certificate with Custom Signing           |
                |         Certificate and replace all Certificates                    |
                |                                                                     |
                |      3. Replace Machine SSL certificate with VMCA Certificate       |
                |                                                                     |
                |      4. Regenerate a new VMCA Root Certificate and                  |
                |         replace all certificates                                    |
                |                                                                     |
                |      5. Replace Solution user certificates with                     |
                |         Custom Certificate                                          |
                |                                                                     |
                |      6. Replace Solution user certificates with VMCA certificates   |
                |                                                                     |
                |      7. Revert last performed operation by re-publishing old        |
                |         certificates                                                |
                |                                                                     |
                |      8. Reset all Certificates                                      |
                |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|

Note : Use Ctrl-D to exit.
Option[1 to 8]:

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


Option[1 to 8]: 1
 
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:
 
Performing operation on distributed setup, Please provide valid Infrastructure Server IP.
Server : hostname.9r.com.au
         1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate
 
         2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate
 
Option [1 or 2]: 2
 
Please provide valid custom certificate for Machine SSL.
File :

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Mettre les chemins des clées généré plus haut.

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Please provide valid custom certificate for Machine SSL.
File : /root/.acme.sh/mondomaine.fr/mondomaine.fr.cer
 
Please provide valid custom key for Machine SSL.
File : /root/.acme.sh/mondomaine.fr/mondomaine.fr.key
 
Please provide the signing certificate of the Machine SSL certificate
File : /root/.acme.sh/mondomaine.fr/fullchain.cer
 
You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : y
 
Command Output: /root/.acme.sh/mondomaine.fr/mondomaine.fr.cer: OK
 
Get site nameCompleted [Replacing Machine SSL Cert...]
default-site-name
Lookup all services
Get service default-site-name:2f828f98-80ae-4414-8e29-8f5bc4ffeca8
Don't update service default-site-name:2f828f98-80ae-4414-8e29-8f5bc4ffeca8
 
 ... etc ...
 
Update service 345572a0-1b95-4b1e-8652-4e7e21ed251c; spec: /tmp/svcspec_renwzveb
Get service 53c2d21f-144e-4779-85ff-4cf5e180d001
Update service 53c2d21f-144e-4779-85ff-4cf5e180d001; spec: /tmp/svcspec_nutupa2h
Updated 27 service(s)
Status : 85% Completed [starting services...]
 
 ... this takes a while ...

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Les clées sont importées et les services redémarre, attention le processure est un peu long comme un demarrage de vcenter.
Soyez patient.

                _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
 
Status : 100% Completed [All tasks completed successfully]
 
root@vmware [ ~/.acme.sh ]#

Et voila connectez-vous à votre vcenter comme d’habitude.

Attention pour l’instant il n’y a pas de renouvellement auto.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *